From 1d2c0703ffcdd49324c73bafae2211f5d0759dfd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Gustavo=20I=C3=B1iguez=20Goia?=
Date: Thu, 8 Feb 2024 17:53:07 +0100
Subject: [PATCH] pop-ups: filter by absolute path+cmdline on some cases
If the pop-ups' target is to filter by cmdline, but the typed/launched command is not absolute or it starts with /proc, also filter by the absolute path to the binary.
---
 ui/opensnitch/dialogs/prompt.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/ui/opensnitch/dialogs/prompt.py b/ui/opensnitch/dialogs/prompt.py
index a1c021ea58..9a0a3132cd 100644
--- a/ui/opensnitch/dialogs/prompt.py
+++ b/ui/opensnitch/dialogs/prompt.py
@@ -673,12 +673,13 @@ def _send_rule(self):
 is_list_rule = self._is_list_rule()
 # If the user has selected to filter by cmdline, but the launched
- # command path is not absolute, we can't trust it. In this case,
- # also filter by the absolute path to the binary.
+ # command path is not absolute or the first component contains
+ # "/proc/" (/proc/self/fd.., /proc/1234/fd...), we can't trust it.
+ # In these cases, also filter by the absolute path to the binary.
 if self._rule.operator.operand == Config.OPERAND_PROCESS_COMMAND:
 proc_args = " ".join(self._con.process_args)
 proc_args = proc_args.split(" ")
- if os.path.isabs(proc_args[0]) == False:
+ if os.path.isabs(proc_args[0]) == False or proc_args[0].startswith("/proc"):
 is_list_rule = True
 data.append({"type": Config.RULE_TYPE_SIMPLE, "operand": Config.OPERAND_PROCESS_PATH, "data": str(self._con.process_path)})
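Review bot: The added `proc_args[0].startswith("/proc")` test in `_send_rule` runs on the raw argv string, so it only recognises the literal spelling. An absolute path that reaches procfs through a non-canonical form (redundant leading slashes, `..` components) still passes `os.path.isabs()` and produces a cmdline-only rule, while an unrelated directory whose name merely begins with `/proc` is matched. Normalising first and matching the directory itself would cover both, for example `arg0 = os.path.normpath(proc_args[0])` followed by `if not os.path.isabs(arg0) or arg0.lstrip("/").startswith("proc/"):`. A stricter option, if it fits the intended pop-up behaviour, is to append the `OPERAND_PROCESS_PATH` entry whenever `proc_args[0]` differs from `str(self._con.process_path)`, which avoids enumerating untrusted prefixes. The body of `_send_rule` starts and ends outside this hunk, so how `data` and `is_list_rule` are used afterwards is not visible here.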